Pidgin can save passwords in KWallet

Pidgin is a multi-protocol multi-account instant messenger based on GTK. Although I am a KDE user myself, I like Pidgin more than KDE’s instant messenger (Kopete) – for reasons that I will not discuss here. Still, I hope Kopete will get better eventually.

I use 3 accounts simultaneously with Pidgin and having 3 password pop-up boxes every time I start it is quite daunting. It kindly offers to remember the passwords for me but it uses a plaintext file for that (the same file it saves the accounts data in).

If “remember password” is checked for one of the accounts just try something like the command below and you (and other people who have access to your files) can see it.

I don’t think that’s OK, not even for my box at home, let alone the one at the office. At home it is a bit paranoid, I agree, but at work there is a good chance that someone will need access to my box, so I would have to give them the user or root password, or they could just use a live CD or any other means of getting access to the files. So I implemented a Pidgin plugin that allows saving the passwords in KWallet. KWallet is a secure storage system for sensitive data such as passwords. Besides the C/C++ API it offers a decent DBus interface which applications can use to store and retrieve data (my plugin uses it too).

Saving the passwords is just as elegant as the built-in method. In fact, once the plugin is installed the passwords are saved automatically on connect for each account and reused from the storage the next time they are needed. The “Remember password” check-box should be off, otherwise the passwords will also be saved in the plaintext file!
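One way to check that no account still has a password in the plaintext file, as an added example that is not part of the original post or of the plugin. It assumes the file is ~/.purple/accounts.xml with one <account> element per account holding <protocol>, <name> and an optional <password>; the sample document is constructed.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Assumed location of libpurple's account store.
ACCOUNTS_FILE = os.path.expanduser("~/.purple/accounts.xml")

# Constructed sample in the assumed layout; not real account data.
SAMPLE = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
 <account>
  <protocol>prpl-jabber</protocol>
  <name>alice@example.org/Home</name>
  <password>not-a-real-password</password>
 </account>
 <account>
  <protocol>prpl-icq</protocol>
  <name>123456789</name>
 </account>
</account>
"""

def audit_accounts(path=ACCOUNTS_FILE):
    """Return (exposed, private): accounts with a stored password, and
    whether the file is unreadable for group and other users."""
    exposed = []
    for account in ET.parse(path).getroot().findall("account"):
        if account.findtext("password"):  # report the account, never the value
            exposed.append((account.findtext("protocol", "?"),
                            account.findtext("name", "?")))
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return exposed, (mode & 0o077) == 0

def demo():
    """Run the audit on the constructed sample written with mode 0644."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "accounts.xml")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return audit_accounts(path)

if __name__ == "__main__":
    target = ACCOUNTS_FILE if os.path.exists(ACCOUNTS_FILE) else None
    exposed, private = audit_accounts(target) if target else demo()
    for protocol, name in exposed:
        print(f"plaintext password stored for {name} ({protocol})")
    print("file private to owner:", private)
```

A strict file mode only keeps out other local users; someone with the root password or a live CD still reads the file, so the result to aim for is an empty list of exposed accounts.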

Pidgin Asks for Access to the KWallet

Installation

The installation is very simple. Needless to say KDE and KWallet are required – installing is very simple on most of the Linux distributions (as simple as running emerge kwallet on Gentoo or sudo apt-get install kwalletmanager in Ubuntu; make sure the installed software is part of KDE 4.x). Once you have that installed just copy the plugin file to the plugins directory

Or you can use your favourite browser for it, just save the file in ~/.purple/plugins/.

Restart Pidgin so that the file is picked up. If all works well the plugin should show up in the plugins list, accessible via the Tools > Plugins menu in the Buddy List or Ctrl + U; enable the KWallet plugin there.

Pidgin Plugins List

In case it doesn’t show … there might be a missing dependency on the system. In Gentoo I installed the dev-perl/Net-DBus package, maybe there is a similar one in your distribution.

In Ubuntu there should be a package like libnet-dbus-perl that you can install, so you could try:

sudo apt-get install libnet-dbus-perl

or use the package manager you like to install it.

In Fedora the package should be named perl-Net-DBus and you will also need pidgin-perl so you could try something like:

sudo yum install perl-Net-DBus pidgin-perl

(thanks to Kyle Kinkaid for the info).

Don’t forget to restart Pidgin after that and enable the plugin.

After enabling the plugin the passwords will be saved into KWallet the first time you enter them and then read from the storage every time they are needed. You will only need to enter the KWallet password to open the safe storage.

If you want to modify a password for an account just disable the account by using the accounts menu from the Buddy List and then enable it again. The password prompt will appear allowing you to enter the new password. On successful connection the new password will be saved to the safe storage.

If you want to see/edit the saved passwords you can use the KWallet Manager application. It adds an icon in the tray. Click on that, open the default wallet (usually called kdewallet) and there you can see all the data saved into it. The Pidgin passwords are in the libpurple folder.

KWallet Manager Showing the Default Wallet

If you want to uninstall the plugin

If you don’t want to use the plugin anymore (do you?) just disable it or remove it from ~/.purple/plugins/. The passwords in KWallet can be removed by using the KWallet Manager.

There is one problem with this: it doesn’t ask you whether you want to open the local or the network wallet and always defaults to the local one. For me it’s a huge problem, because I use my network wallet for transferring passwords to other PCs (encrypted with OpenSSL, of course). So when it’s saved in the local wallet, I lose it each time I need to switch to another PC.

Oh, and just for reference, on OpenSUSE 11.4 the dependency is named perl-Net-DBus.

Added a feature – the wallet to use can be chosen in the plugin configuration dialog (Tools > Plugins, select the KWallet plugin then click “Configure plugin”). Don’t forget to download the latest version first.

Thank you for reporting this and please let me know if this update works as expected.

I’ve tested this out for a while, and while this feature seems to work fine, for some reason Pidgin sometimes starts with the plugin disabled. Or maybe it gets disabled if it doesn’t get an answer from KWallet after some time? I can’t tell for now.

I’m glad the new feature works fine. If you can help me to reproduce the bug I will try to solve it. The behaviour should be that if there is no answer from KWallet (request denied, kwalletd lock or unable to start) the normal password dialog should be shown, but not disable the plugin. However sometimes this bug appears https://bugs.kde.org/show_bug.cgi?id=254198 …

Every time I waited long enough for it to show the password dialog so far made it disable the plugin, so I’d say it’s reproducible in my case. And it doesn’t seem to be related to that bug (although there are two programs trying to access it, Amarok and Pidgin), since it doesn’t lock up. It works fine for both applications if I enter it fast enough and works fine after I re-enable the plugin if I don’t enter it fast enough.

Fixed the issue with the plugin being disabled when the user did not enter the password quickly enough. That also avoids conflicts with other applications requesting access to KWallet. Once again thank you for testing.

Hi, for some reason, I cannot get pidgin to show the plugin. I use Fedora 16 with Pidgin 2.10.5. I downloaded the libpurple_kwallet_plugin.pl file then created the plugins directory under .purple (it didn’t exist previously) and placed the .pl file there. I also installed via yum perl-Net-DBus and the Purple module from CPAN but the plugins list is empty. Just to check, I run the .pl file via perl and there are no errors. Any ideas? Thanks.

It’s all right, we’ve solved it. The Purple CPAN module had to be removed (doesn’t have anything to do with Pidgin or LibPurple) and a package called pidgin-perl (that has libpurple-perl as a dependency) had to be installed. I’ve also updated the post to reflect that. Thank you both for your feedback.

Awesome app. However, the behaviour is non-standard. If the user does not want to save the password for a particular account, he cannot do it. I can think of two options for handling this case.

1. In configure plugin options, give an option whether password is saved automatically on login or when remember password option is selected (in the latter case remember password should not save the password to file).

2. The second better alternative is that an additional option “Save password in kwallet” should be presented in the password prompt dialog. Only if the user selects this option will it be saved to Kwallet. I don’t think this is much effort though.

Unfortunately, the best that I can do is put options in the plugin config, per account, that can prevent the save of the password in KWallet (and have it unchecked by default). From the plugin I can’t control the password save form or the fact that if “Remember password” is checked it will save it to the file.

Not the most preferable way but if that option is added, at least user can decide which passwords he wants to have saved to kwallet. However, you might want to check with the developers if one of the previous options is not really feasible.

I see a security bug with your plugin (using the latest one with Pidgin 2.10.6). I enable “save password” and it stores it in KWallet, however the password is also being stored in ~/.purple/accounts.xml in unencrypted form at the same time! Which defeats the purpose of the plugin. Am I missing something here?

It should have saved it if the plugin was active. You can run Pidgin from the command-line with ‘pidgin -d’ to see debug messages. You should also enable the debug window (Help > Debug Window in the Buddy List window). The messages there should give you clues about why it is not working properly.

It seems the Pidgin devs have some Google Summer of Code projects that should address the issue of passwords saved in plain-text. They didn’t merge it yet (and it’s from 2008). I hope they do eventually, there are some things plugins can’t touch … in which case some sort of “hacks” are needed (like not checking “Remember password” or adding a plugin config section for excluding passwords for some accounts from being saved to KWallet). I would be happy with those changes even if this plugin will then be obsolete.

Another issue is … I can’t make any plugin work with Pidgin after upgrading to Perl 5.16. Created a ticket https://developer.pidgin.im/ticket/15377 – no useful response in a few months now. Maybe it’s just my Gentoo (having this on 3 machines, on both 32 and 64 bits). Do you have this issue (do you have Perl 5.16 that is)?

While on this subject, what about IRC password saving? The problem with that is that I can’t have it saved in KWallet, as connecting to IRC does not bring up the password prompt (as IRC passwords are optional), and entering the password in the account settings (without checking the remember box) doesn’t seem to save it in KWallet.

Pidgin 3 will have keyring support (so passwords can be saved in Gnome Keyring, KWallet or Windows credential manager). https://developer.pidgin.im/wiki/KeyringSupport
Hope they release it soon enough (even if that means this plugin becomes obsolete).

Love the plugin! Made an AUR package for Arch Linux – https://aur.archlinux.org/packages/pidgin-kwallet-plugin-git/ – since the other KWallet plugin from the official repos is pretty buggy. Also, as a suggestion, you could move this to GitHub, since you would probably receive more interest and pull requests there. Cheers!

Thank you!
Yes, moving to GitHub is a good idea, just that I don’t really have time to implement it. Besides, I’m thinking Pidgin 3 will be out eventually and will have keyring support (making this plugin obsolete). But if anyone wants to do it – sure!🙂

Hello, I’ve installed your plugin on Kubuntu 12.04, and it appears to only work for one of my accounts (ICQ one). But for the second one, Google Talk, pidgin for some reason re-asks me the password each launch. Why could this be?

Hello Ruslan, sorry for the late reply. Try activating the debug window (from the help menu). You should find some clues there. Didn’t test on Kubuntu😦 (but I use the plugin right now on KDE 4.14 on Gentoo).